ssl-check

The ssl-check function is used along with a Client tag to limit access of certain directories to non-exportable browsers.
If a restriction is selected that is not consistent with the current cipher
settings, this function displays a warning that ciphers with larger secret
keysizes must be enabled.

The function returns REQ_NOACTION if SSL is not enabled,
or if the secret-keysize parameter is not specified. If
the secret keysize for the current session is less than the specified secret-keysize and the bong-file parameter is not specified,
the function returns REQ_ABORTED with a status of PROTOCOL_FORBIDDEN. If the bong-file is specified, the function
returns REQ_PROCEED, and the path variable
is set to the bong-file name. Also, when a keysize restriction
is not met, the SSL session cache entry for the current session is invalidated
so that a full SSL handshake will occur the next time the same client connects
to the server.

Requests that use ssl-check are not cacheable in
the accelerator file cache if ssl-check returns something
other than REQ_NOACTION.

Parameters

The following table describes parameters for the ssl-check function.

Table 7–30 ssl-check Parameters

Parameter

Description

secret-keysize

(Optional) Minimum number of bits required in the secret key.

bong-file

(Optional) Name of a file (not a URI) to be served if the restriction
is not met.

bucket

(Optional) Common to all obj.conf functions. Adds
a bucket to monitor performance. For more information, see The bucket Parameter.